1. Technical Field
The present disclosure relates to networks and, more specifically, to systems and methods for securing networks.
2. Description of the Related Art
While modern computer networks are invaluable for helping organize and share critical information, computer networks also provide new opportunities for unauthorized users and unauthorized devices (rogue devices) to gain access to sensitive information. To prevent the compromising of computer networks, many security features have been implemented to monitor what users and what devices are accessing network resources. Using these measures, computer networks can protect against unwanted users and unwanted devices that may compromise network security and expose sensitive data.
Many institutions and corporations use intrusion detection systems and related technologies to help secure computer networks. Intrusion detection systems employ a process called traffic sniffing whereby data along the computer network is monitored and inspected for signs of unauthorized access.
In a computer network, multiple sensors for sniffing network traffic may be installed at various points along the computer network data path. Optimally, all network traffic should pass through at least one sensor. Because computer networks may be divided into physically independent segments sharing a network address known as subnets, sensors are generally placed at each subnet.
Because all computers located on the same subnet share a network address, all computers within the same subnet can potentially access discrete units of communicated data known as packets regardless of which computer within the subnet the packets are intended for. The network adapters which connect a computer to the network then discriminate between packets so the computer can ignore packets not intended for that computer. Traffic sniffing sensors may therefore be set into a promiscuous mode whereby no packets are ignored and every packet moving across the subnet may be inspected regardless of its intended recipient.
For a computer network, providing traffic sniffing sensors located at each subnet may be a suitable method for protecting against intrusions and unauthorized access to the network.
Today, wireless networking devices are an increasingly popular component of computer networks. Using wireless networking hardware such as wireless access points, computers and other devices are able to gain access to computer networks wirelessly by radio communication. A wireless access point is a radio transceiver that is physically wired to the computer network and broadcasts network access.
Popular implementations of wireless networking include, for example, devices using the 802.11x family of IEEE wireless LAN protocols, such as the 802.11b protocol.
Wireless networking is convenient, allowing for untethered network connectivity anywhere that is within range of the wireless signal. However, wireless networking also poses new security risks to computer networks.
Wireless networking can allow unwanted users and unwanted devices to gain access to the computer network. Even conventional wired networks are not immune to the security threats posed by wireless networking. This is because one or more computers wired to the computer network might contain a wireless network device such as an adapter or access point. Such wireless devices may allow unauthorized users the opportunity to connect to the computer network through the computer associated with the wireless network device, creating an ad-hoc wireless network. Because many modern portable computers come preconfigured with wireless networking adapters, it is possible for a user to unwittingly broadcast network access over the airways.
Wireless networks complicate intrusion detection systems. Traffic sniffing sensors capable of sniffing wireless traffic should be within range of the radio signal carrying the packets. The range of wireless networking devices is dictated by such factors as the sensitivity of the amplifier within the sensor, the gain of the antennas used by the sensor and the RF spectrum profile. The RF spectrum profile is the ability of the radio signal to carry across distances, penetrate through obstacles such as walls and the susceptibility of the radio signal to such factors as radio interference caused by other sources of radio waves such as microwave ovens and environmental factors such as the weather. Therefore, in order to have complete traffic sniffing coverage, multiple sensors may be required.
The nature of wireless networking creates additional obstacles to intrusion detection. Wireless traffic is generally encrypted to guard against unauthorized monitoring. Therefore the analysis of sniffed packets may be limited unless some secret information such as an encryption key is known to the sensor.
In the wireless network, the potential for rogue devices is large. In a wired network, an unauthorized device is physically connected to the computer network in order to gain access to the network. This makes it difficult for unauthorized users to connect devices to the network without being granted physical access onto the premises containing the computer network. However, because wireless networks can communicate through walls and floors, it is no longer necessary for an unauthorized user seeking to connect a rogue device to the network to gain physical access onto the premises. Additionally, wireless networks create the possibility that an authorized user is inadvertently broadcasting network connectivity in an insecure manner through a wireless network adapter installed in the user's computer. Such a security breach may even occur without the user's knowledge as the user's computer reaches to form an ad hoc network with other wirelessly equipped computers, even if these computers are located in an adjacent floor or building occupied by people not affiliated with the institution or corporation housing the computer network.